Lucene search

[email protected]NVD:CVE-2015-7444

HistoryFeb 15, 2016 - 2:59 a.m.

CVE-2015-7444

2016-02-1502:59:11

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

36.2%

JSON

The Update Installer in IBM WebSphere Commerce Enterprise 7.0.0.8 and 7.0.0.9 does not properly replicate the search index, which allows attackers to obtain sensitive information via unspecified vectors.

Affected configurations

Nvd

Node

ibmwebsphere_commerceMatch7.0.0.8

ibmwebsphere_commerceMatch7.0.0.9

VendorProductVersionCPE
ibmwebsphere_commerce7.0.0.8cpe:2.3:a:ibm:websphere_commerce:7.0.0.8:*:*:*:*:*:*:*
ibmwebsphere_commerce7.0.0.9cpe:2.3:a:ibm:websphere_commerce:7.0.0.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	websphere_commerce	7.0.0.8	cpe:2.3:a:ibm:websphere_commerce:7.0.0.8:::::::*
ibm	websphere_commerce	7.0.0.9	cpe:2.3:a:ibm:websphere_commerce:7.0.0.9:::::::*

References

www-01.ibm.com/support/docview.wss?uid=swg1JR54563

www-01.ibm.com/support/docview.wss?uid=swg24041614

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

36.2%

JSON

Related for NVD:CVE-2015-7444

cve1 prion1 cvelist1